Fun

News Feed - 2023-11-25 06:11:59

Tom Blackstone2 hours agoBlast network hits $400M TVL, rebuts claim that it’s too centralizedThe Blast team responded to claims that its multisignature upgrade functionality makes it too centralized.311 Total views3 Total sharesListen to article 0:00NewsJoin us on social networksWeb3 protocol Blast network has gained over $400 million in total value locked (TVL) in the four days since it was launched, according to data from blockchain analytics platform DeBank. But in a Nov. 23 social media thread, Polygon Labs developer relations engineer Jarrod Watts claimed that the new network poses significant security risks due to centralization.


The Blast team responded to the criticism from its own X (formerly Twitter) account, but without directly referring to Watts’ thread. In its own thread, Blast claimed that the network is as decentralized as other layer 2s, including Optimism, Arbitrum and Polygon.On multisig security.

Read this thread to understand the security model of Blast along with other L2s like Arbitrum, Optimism, and Polygon.— Blast (@Blast_L2) November 24, 2023


Blast network claims to be “the only Ethereum L2 with native yield for ETH and stablecoins,” according to marketing material from its official website. The website also states that Blast allows a user’s balance to be “auto-compounded” and that stablecoins sent to it are converted into “USDB,” a stablecoin that auto-compounds through MakerDAO’s T-Bill protocol. The Blast team has not released technical documents explaining how the protocol works, but it says they will be published when the airdrop occurs in January.


Watts’ original post said Blast may be less secure or decentralized than users realize, claiming that Blast “is just a 3/5 multisig.” If an attacker gets control of three out of five team members’ keys, they can steal all of the crypto deposited into its contracts, he alleged."Blast is just a 3/5 multisig..."

I spent the past few days diving into the source code to see if this statement is actually true.

Here"s everything I learned:— Jarrod Watts (@jarrodWattsDev) November 23, 2023


According to Watts, the Blast contracts can be upgraded via a Safe (formerly Gnosis Safe) multisignature wallet account. The account requires three out of five signatures to authorize any transaction. But if the private keys that produce these signatures become compromised, the contracts can be upgraded to produce any code the attacker wishes. This means an attacker who pulls this off could transfer the entire $400 million TVL to their own account.


In addition, Watts claimed that Blast “is not a layer 2,” despite its development team claiming so. Instead, he said Blast simply “accepts funds from users” and “stakes users’ funds into protocols like LIDO” with no actual bridge or testnet being used to perform these transactions. Furthermore, it has no withdrawal function. To be able to withdraw in the future, users must trust that the developers will implement the withdrawal function at some point in the future, Watts claimed.


Additionally, Watts claimed that Blast contains an “enableTransition” function that can be used to set any smart contract as the “mainnetBridge,” which means that an attacker could steal the entirety of users’ funds without needing to upgrade the contract.


Despite these attack vectors, Watts claimed he did not believe Blast would lose its funds. “Personally, if I had to guess, I don’t think the funds will be stolen,” he stated. But he also warned that “I personally think it’s risky to send Blast funds in its current state.”


In a thread from its own X account, the Blast team stated that its protocol is just as safe as other layer-2s. “Security exists on a spectrum (nothing is 100% secure),” the team claimed, “and it’s nuanced with many dimensions.” It may seem that a non-upgradeable contract is more secure than an upgradeable one, but this view can be mistaken. If a contract is non-upgradeable but contains bugs, “you are dead in the water,” the thread stated.


Related:Uniswap DAO debate shows devs still struggle to secure cross-chain bridges


The Blast team claims the protocol uses upgradeable contracts for this very reason. However, the keys for the Safe account are “in cold storage, managed by an independent party, and geographically separated.” In the team’s view, this is a “highly effective” means of safeguarding user funds, which is “why L2s like Arbitrum, Optimism [and] Polygon” also use this method.


Blast is not the only protocol that has been criticized for having upgradeable contracts. In January, Summa founder James Prestwich argued that the Stargate bridge had the same problem. In December 2022, the Ankr protocol was exploited when its smart contract was upgraded to allow 20 trillion Ankr Reward Bearing Staked BNB (aBNBc) to be created out of thin air. In the case of Ankr, the upgrade was performed by a former employee who hacked into the developer’s database to obtain its deployer key.# Ethereum# Hackers# Cybersecurity# Hacks# DeFi# Layer2# StakingAdd reactionAdd reactionRead more3 things we might see from crypto as 2023 winds to an endWill the next crypto bull run be dominated by L1s, L2s or something else?Layer 2 networks hit $13B TVL, but challenges still remain

News Feed

Universal Music Group’s Web3 Label Buys Bored Ape for $360K in Ethereum
Universal Music Group’s Web3 Label Buys Bored Ape for $360K in Ethereum On Friday, Universal Music Group’s Web3 label dubbed 10:22PM revealed it purchased the Bored Ape Ya
NFT Weekly Sales Volume Improves Jumping 17% Higher Than the Week Prior
NFT Weekly Sales Volume Improves Jumping 17% Higher Than the Week Prior After cryptocurrency assets jumped in value this week, following the Federal Reserve’s rate hike on W
Bitcoin Kurs Prognose: Jetzt kaufen oder verkaufen?
Die Stimmung am Kryptomarkt war schonmal besser. Die Neujahrsrallye haben sich die meisten Anleger wohl anders vorgestellt. Immerhin hat man von allen Seiten gehört, dass dem Kryptomarkt unter Donald Trump eine großart
Savannah Fortis10 hours agoAlibaba releases two open-sourced AI models to rival Meta’s Llama 2The Chinese tech and e-commerce giant Alibaba revealed two new open-sourced AI models, Qwen-7B and Qwen-7B-Chat, to rival Me
South Korean Government to Start Taxing Crypto Trading Profits in 2022
South Korean Government to Start Taxing Crypto Trading Profits in 2022 The South Korean government has issued an amendment to introduce tax on cryptocurrency tra
Vitalik Buterin proposes faster Ethereum trades with single-slot finality
Helen Partz10 hours agoVitalik Buterin proposes faster Ethereum trades with single-slot finalityEthereum co-founder Vitalik Buterin proposed moving away from Ethereum’s epoch-and-slot mechanism to a single-slot finalit
Mark Zuckerberg says Meta wearables that read brain signals are coming soon
Martin Young2 hours agoMark Zuckerberg says Meta wearables that read brain signals are coming soonThe new neural technology that Meta is developing will be “pretty wild,” said Zuckerberg, adding its first application
William Suberg14 hours agoBitcoin traders say ‘get ready’ as BTC price preps 2023 bull marketBTC price action is giving two traders no doubt about the Bitcoin bull market due to begin this year.7587 Total views90 Tot
Survey: More Than 70% of Salvadorans Believe the Bitcoin Law Has Not Improved Their Personal Finances
Survey: More Than 70% of Salvadorans Believe the Bitcoin Law Has Not Improved Their Personal Finances A recent survey has offered some insight into the real opinions Salvadorans ha
Webbland Metaverse Sales Jump 126% as 2 Penthouses Sell for Six-Figures
Webbland Metaverse Sales Jump 126% as 2 Penthouses Sell for Six-Figures While blockchain virtual worlds have seen significant demand during the last few months, an “interope
Tron’s Stablecoin USDD Falls to $0.97, USDC Deployed to Defend the $1 Parity
Tron"s Stablecoin USDD Falls to $0.97, USDC Deployed to Defend the $1 Parity After the Terra UST fallout and the current crypto market volatility, many eyes have been focused on th
Crypto exchanges subject to EU Travel Rule in 6 months
Arijit Sarkar45 minutes agoCrypto exchanges subject to EU Travel Rule in 6 monthsNew EU regulations mandate crypto exchanges to comply with Travel Rule Guidelines, enhancing AML/CFT measures starting Dec. 30.1174 Total v